Dept of Justice Virus


  • This topic is locked
58 replies to this topic

#1 aafattore

aafattore

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Chicago, IL. USA
  • Local time:04:03 PM

Posted 16 May 2013 - 11:33 AM

Hi- I am using Windows Vista-Home. A few days ago my system encountered the Dept of Justice Virus. I have tried the fixes that came from your site- no go. I have tried a system restore point, Boot menu flash drive fix with and without internet connection etc-nothing works. I get the blue screen of death now. I am unable to get the system to anything else. I have tried to download a fix onto a disc and insert that and rcvd a msg saying

Boot from CD:

No boot device available, Press enter key to retry

SATA-O: Installed

SATA-1: Installed

SATA-3 None

SATA 4 None

Any ideas here? I really do not want to swipe the computer clean and lose everything on the system unless I have to. Please help

Thank you

Alicia 




 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,046 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:03 PM

Posted 16 May 2013 - 11:47 AM

Hello,

I have reported this topic to those who specialize in non-booting computers caused by malware issues.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,823 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:03 PM

Posted 16 May 2013 - 12:40 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
  • If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:03 PM

Posted 16 May 2013 - 02:17 PM

Hello, just letting you know I moved this topic to the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.


Edited by boopme, 16 May 2013 - 02:18 PM.


#5 aafattore


Posted 16 May 2013 - 05:43 PM


Hello- and thank you for the info. I have tried your suggestions and unfortunately it did not work. When I restart my system with the Flash-(my system requires F12 to get to the boot menu). I get SELECT BOOT FIRST DEVICE... I choose the flash drive, then I get  

1. bypass master boot record

2. regular boot

3. legacy boot

I've tried all 3... also goes back to the blue screen of death.



#6 aafattore


Posted 16 May 2013 - 05:48 PM

Also wanted to add that I tried to go in with my Windows Operating System disc...... blue screen of death again!! UGH



#7 JSntgRvr


Posted 16 May 2013 - 07:37 PM

Try tapping F8 at startup to get to the Advanced menu.

  • To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



#8 aafattore


Posted 16 May 2013 - 08:49 PM

Tried this... blue screen comes up. It doesn't even take me to advanced boot menu. Goes right to blue screen



#9 JSntgRvr


Posted 17 May 2013 - 06:10 AM

Start tapping on F8 as soon as the BIOS splash menu appears. Can you reach the Advanced Menu where Safe Mode and other options are?


Edited by JSntgRvr, 17 May 2013 - 06:12 AM.



#10 aafattore


Posted 17 May 2013 - 06:55 AM


Nope- takes me right to the blue screen of death.

#11 aafattore


Posted 17 May 2013 - 08:51 AM

If I start tapping F2, I can get to Award BIOS CMOS Setup Utility.... does this help any-by chance?

#12 JSntgRvr


Posted 17 May 2013 - 02:04 PM

It must be F8.

So if I understand well, it doesn't even allow you to reach the Advanced Menu.

Can you read the error message on the Blue Screen?

How about the Install CD, does it allow you to reach the Advanced Menu?




#13 JSntgRvr


Posted 17 May 2013 - 02:11 PM

If the above fails, let's try this:

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Also Download Query.exe to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Then type dd if=/dev/sda of=mbr.txt bs=512 count=1


    Leave a space among the following Statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.txt is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to backup just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located in the USB drive as mbr.bin
  • Plug the USB back into the clean computer, and post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.txt file must be attached to your reply as it is a hex file.


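Added example (not part of the original post and not BleepingComputer tooling): a script that sanity-checks a dump like the one produced by the `dd if=/dev/sda of=mbr.txt bs=512 count=1` step above before it is attached to a reply. It confirms the file is exactly one 512-byte sector ending in the 55 AA boot signature and lists the partition table entries; the function names and the sample sector are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check an MBR dump made with
#   dd if=/dev/sda of=mbr.txt bs=512 count=1
# All function names are illustrative, not from the thread.

# Print LEN bytes at offset OFF of FILE as lowercase hex, no separators.
hex_at() {   # usage: hex_at FILE OFF LEN
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# Convert 8 hex digits holding a little-endian 32-bit value to decimal.
le32() {
    be=$(printf '%s' "$1" | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/')
    echo $((0x$be))
}

# True only if FILE is exactly one 512-byte sector ending in 55 AA.
mbr_valid() {
    [ -f "$1" ] || return 1
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 512 ] || return 1
    [ "$(hex_at "$1" 510 2)" = "55aa" ]
}

# Print "index status type start_lba sectors" for each used table entry.
# The four 16-byte entries start at offset 446.
mbr_partitions() {
    i=0
    while [ "$i" -lt 4 ]; do
        e=$(hex_at "$1" $((446 + i * 16)) 16)
        status=$(printf '%s' "$e" | cut -c1-2)    # 80 = active/bootable
        ptype=$(printf '%s' "$e" | cut -c9-10)    # 00 = unused entry
        start=$(le32 "$(printf '%s' "$e" | cut -c17-24)")
        count=$(le32 "$(printf '%s' "$e" | cut -c25-32)")
        [ "$ptype" = "00" ] || echo "$((i + 1)) $status $ptype $start $count"
        i=$((i + 1))
    done
}

# Constructed sample sector: one active type-07 (NTFS/HPFS) entry
# starting at LBA 2048 and spanning 204800 sectors.
make_sample_mbr() {
    {
        dd if=/dev/zero bs=446 count=1 2>/dev/null
        printf '\200\000\000\000\007\000\000\000\000\010\000\000\000\040\003\000'
        dd if=/dev/zero bs=48 count=1 2>/dev/null
        printf '\125\252'
    } > "$1"
}

# Check the dump given as $1, or the constructed sample when none is given.
dump=${1:-}
if [ -z "$dump" ]; then dump=$(mktemp); make_sample_mbr "$dump"; fi
if mbr_valid "$dump"; then mbr_partitions "$dump"; else echo "not a valid MBR dump" >&2; fi
```

A dump that fails the check (wrong size or missing signature) usually means the `if=` or `of=` argument was mistyped and the capture should be repeated.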

#14 aafattore


Posted 17 May 2013 - 03:45 PM


Yes- this is correct. I am unable to get to the Advanced Menu. The blue screen says

A problem has been detected and windows has been shut down to prevent damage to your computer.  If you Google "blue screen of death" it comes up.



#15 aafattore


Posted 17 May 2013 - 03:47 PM

 


When I try the CD.... I am given a menu to select boot, I select CD and it loads files and then takes me to the blue screen





